2020-07-08 11:56:37 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2022-06-24 12:38:22 +00:00
|
|
|
"crypto/tls"
|
2020-07-08 11:56:37 +00:00
|
|
|
"net/http"
|
2022-02-14 16:22:30 +00:00
|
|
|
"strings"
|
2020-07-08 11:56:37 +00:00
|
|
|
|
2022-02-14 16:22:30 +00:00
|
|
|
"github.com/gorilla/mux"
|
|
|
|
"github.com/improbable-eng/grpc-web/go/grpcweb"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/logging"
|
2020-07-08 11:56:37 +00:00
|
|
|
"google.golang.org/grpc"
|
2023-04-11 13:37:42 +00:00
|
|
|
"google.golang.org/grpc/health"
|
|
|
|
healthpb "google.golang.org/grpc/health/grpc_health_v1"
|
2023-04-14 13:34:12 +00:00
|
|
|
"google.golang.org/grpc/reflection"
|
2020-07-08 11:56:37 +00:00
|
|
|
|
2022-04-26 23:01:45 +00:00
|
|
|
internal_authz "github.com/zitadel/zitadel/internal/api/authz"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/grpc/server"
|
|
|
|
http_util "github.com/zitadel/zitadel/internal/api/http"
|
2023-05-05 08:25:02 +00:00
|
|
|
http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
|
2022-11-09 07:19:05 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/api/ui/login"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/errors"
|
2023-02-15 01:52:11 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/logstore"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/query"
|
2022-07-18 08:42:32 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/telemetry/metrics"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
2020-07-08 11:56:37 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
type API struct {
|
2023-03-08 18:33:43 +00:00
|
|
|
port uint16
|
|
|
|
grpcServer *grpc.Server
|
|
|
|
verifier *internal_authz.TokenVerifier
|
2023-04-11 13:37:42 +00:00
|
|
|
health healthCheck
|
2023-03-08 18:33:43 +00:00
|
|
|
router *mux.Router
|
|
|
|
http1HostName string
|
2023-04-11 13:37:42 +00:00
|
|
|
grpcGateway *server.Gateway
|
|
|
|
healthServer *health.Server
|
2020-08-18 08:04:56 +00:00
|
|
|
}
|
2020-12-02 07:50:59 +00:00
|
|
|
|
2023-04-11 13:37:42 +00:00
|
|
|
type healthCheck interface {
|
2020-08-18 08:04:56 +00:00
|
|
|
Health(ctx context.Context) error
|
2020-07-08 11:56:37 +00:00
|
|
|
}
|
|
|
|
|
2023-02-15 01:52:11 +00:00
|
|
|
func New(
|
2023-04-11 13:37:42 +00:00
|
|
|
ctx context.Context,
|
2023-02-15 01:52:11 +00:00
|
|
|
port uint16,
|
|
|
|
router *mux.Router,
|
|
|
|
queries *query.Queries,
|
|
|
|
verifier *internal_authz.TokenVerifier,
|
|
|
|
authZ internal_authz.Config,
|
2023-03-08 18:33:43 +00:00
|
|
|
tlsConfig *tls.Config, http2HostName, http1HostName string,
|
2023-02-15 01:52:11 +00:00
|
|
|
accessSvc *logstore.Service,
|
2023-04-11 13:37:42 +00:00
|
|
|
) (_ *API, err error) {
|
2020-07-08 11:56:37 +00:00
|
|
|
api := &API{
|
2023-03-08 18:33:43 +00:00
|
|
|
port: port,
|
|
|
|
verifier: verifier,
|
|
|
|
health: queries,
|
|
|
|
router: router,
|
|
|
|
http1HostName: http1HostName,
|
feat(queries): use org projection (#2342)
* job queue
* wg improvements
* start handler
* statement
* statements
* imporve handler
* improve statement
* statement in seperate file
* move handlers
* move query/old to query
* handler
* read models
* bulk works
* cleanup
* contrib
* rename readmodel to projection
* rename read_models schema to projections
* rename read_models schema to projections
* search query as func,
bulk iterates as long as new events
* add event sequence less query
* update checks for events between current sequence and sequence of first statement if it has previous sequence 0
* cleanup crdb projection
* refactor projection handler
* start with testing
* tests for handler
* remove todo
* refactor statement: remove table name,
add tests
* improve projection handler shutdown,
no savepoint if noop stmt,
tests for stmt handler
* tests
* start failed events
* seperate branch for contrib
* move statement constructors to crdb pkg
* correct import
* Subscribe for eventtypes (#1800)
* fix: is default (#1737)
* fix: use email as username on global org (#1738)
* fix: use email as username on global org
* Update user_human.go
* Update register_handler.go
* chore(deps): update docusaurus (#1739)
* chore: remove PAT and use GH Token (#1716)
* chore: remove PAT and use GH Token
* fix env
* fix env
* fix env
* md lint
* trigger ci
* change user
* fix GH bug
* replace login part
* chore: add GH Token to sem rel (#1746)
* chore: add GH Token to sem rel
* try branch
* add GH Token
* remove test branch again
* docs: changes acme to acme-caos (#1744)
* changes acme to acme-caos
* Apply suggestions from code review
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
* feat: add additional origins on applications (#1691)
* feat: add additional origins on applications
* app additional redirects
* chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console (#1706)
* fix: show org with regex (#1688)
* fix: flag mapping (#1699)
* chore(deps-dev): bump @angular/cli from 11.2.8 to 11.2.11 in /console
Bumps [@angular/cli](https://github.com/angular/angular-cli) from 11.2.8 to 11.2.11.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v11.2.8...v11.2.11)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console (#1703)
* fix: show org with regex (#1688)
* fix: flag mapping (#1699)
* chore(deps-dev): bump stylelint from 13.10.0 to 13.13.1 in /console
Bumps [stylelint](https://github.com/stylelint/stylelint) from 13.10.0 to 13.13.1.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/13.10.0...13.13.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console (#1702)
* fix: show org with regex (#1688)
* fix: flag mapping (#1699)
* chore(deps-dev): bump @types/node from 14.14.37 to 15.0.1 in /console
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 14.14.37 to 15.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console (#1701)
* fix: show org with regex (#1688)
* fix: flag mapping (#1699)
* chore(deps): bump ts-protoc-gen from 0.14.0 to 0.15.0 in /console
Bumps [ts-protoc-gen](https://github.com/improbable-eng/ts-protoc-gen) from 0.14.0 to 0.15.0.
- [Release notes](https://github.com/improbable-eng/ts-protoc-gen/releases)
- [Changelog](https://github.com/improbable-eng/ts-protoc-gen/blob/master/CHANGELOG.md)
- [Commits](https://github.com/improbable-eng/ts-protoc-gen/compare/0.14.0...0.15.0)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @types/jasmine from 3.6.9 to 3.6.10 in /console (#1682)
Bumps [@types/jasmine](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jasmine) from 3.6.9 to 3.6.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jasmine)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump @types/google-protobuf in /console (#1681)
Bumps [@types/google-protobuf](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/google-protobuf) from 3.7.4 to 3.15.2.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/google-protobuf)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps): bump grpc from 1.24.5 to 1.24.7 in /console (#1666)
Bumps [grpc](https://github.com/grpc/grpc-node) from 1.24.5 to 1.24.7.
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/grpc@1.24.5...grpc@1.24.7)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* lock
* chore(deps-dev): bump @angular/language-service from 11.2.9 to 11.2.12 in /console (#1704)
* fix: show org with regex (#1688)
* fix: flag mapping (#1699)
* chore(deps-dev): bump @angular/language-service in /console
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 11.2.9 to 11.2.12.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/11.2.12/packages/language-service)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* package lock
* downgrade grpc
* downgrade protobuf types
* revert npm packs 🥸
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* docs: update run and start section texts (#1745)
* update run and start section texts
* adds showcase
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
* fix: additional origin list (#1753)
* fix: handle api configs in authz handler (#1755)
* fix(console): add model for api keys, fix toast, binding (#1757)
* fix: add model for api keys, fix toast, binding
* show api clientid
* fix: missing patchvalue (#1758)
* feat: refresh token (#1728)
* begin refresh tokens
* refresh tokens
* list and revoke refresh tokens
* handle remove
* tests for refresh tokens
* uniqueness and default expiration
* rename oidc token methods
* cleanup
* migration version
* Update internal/static/i18n/en.yaml
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* fixes
* feat: update oidc pkg for refresh tokens
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* fix: correct json name of clientId in key.json (#1760)
* fix: migration version (#1767)
* start subscription
* eventtypes
* fix(login): links (#1778)
* fix(login): href for help
* fix(login): correct link to tos
* fix: access tokens for service users and refresh token infos (#1779)
* fix: access token for service user
* handle info from refresh request
* uniqueness
* postpone access token uniqueness change
* chore(coc): recommend code of conduct (#1782)
* subscribe for events
* feat(console): refresh toggle out of granttype context (#1785)
* refresh toggle
* disable if not code flow, lint
* lint
* fix: change oidc config order
* accept refresh option within flow
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: refresh token activation (#1795)
* fix: oidc grant type check
* docs: add offline_access scope
* docs: update refresh token status in supported grant types
* fix: update oidc pkg
* fix: check refresh token grant type (#1796)
* configuration structs
* org admins
* failed events
* fixes
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* remove comment
* aggregate reducer
* remove eventtypes
* add protoc-get-validate to mod
* fix transaltion
* upsert
* add gender on org admins,
allow to retry failed stmts after configurable time
* remove if
* sub queries
* fix: tests
* add builder to tests
* new search query
* rename searchquerybuilder to builder
* remove comment from code
* test with multiple queries
* add filters test
* current sequences
* make org and org_admins work again
* add aggregate type to current sequence
* fix(contibute): listing
* add validate module
* fix: search queries
* feat(eventstore): previous aggregate root sequence (#1810)
* feat(eventstore): previous aggregate root sequence
* fix tests
* fix: eventstore v1 test
* add col to all mocked rows
* next try
* fix mig
* rename aggregate root to aggregate type
* update comment
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* small refactorings
* allow update multiple current sequences
* unique log id
* fix migrations
* rename org admin to org owner
* improve error handling and logging
* fix(migration): optimize prev agg root seq
* fix: projection handler test
* fix: sub queries
* small fixes
* additional event types
* correct org owner projection
* fix primary key
* feat(eventstore): jobs for projections (#2026)
* fix: template names in login (#1974)
* fix: template names in login
* fix: error.html
* fix: check for features on mgmt only (#1976)
* fix: add sentry in ui, http and projection handlers (#1977)
* fix: add sentry in ui, http and projection handlers
* fix test
* fix(eventstore): sub queries (#1805)
* sub queries
* fix: tests
* add builder to tests
* new search query
* rename searchquerybuilder to builder
* remove comment from code
* test with multiple queries
* add filters test
* fix(contibute): listing
* add validate module
* fix: search queries
* remove unused event type in query
* ignore query if error in marshal
* go mod tidy
* update privacy policy query
* update queries
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* feat: Extend oidc idp with oauth endpoints (#1980)
* feat: add oauth attributes to oidc idp configuration
* feat: return idpconfig id on create idp
* feat: tests
* feat: descriptions
* feat: docs
* feat: tests
* docs: update to beta 3 (#1984)
* fix: role assertion (#1986)
* fix: enum to display access token role assertion
* improve assertion descriptions
* fix nil pointer
* docs: eventstore (#1982)
* docs: eventstore
* Apply suggestions from code review
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: Florian Forster <florian@caos.ch>
* fix(sentry): trigger sentry release (#1989)
* feat(send sentry release): send sentry release
* fix(moved step and added releasetag): moved step and added releasetag
* fix: set version for sentry release (#1990)
* feat(send sentry release): send sentry release
* fix(moved step and added releasetag): moved step and added releasetag
* fix(corrected var name): corrected var name
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
* fix: log error reason on terminate session (#1973)
* fix: return default language file, if requested lang does not exist for default login texts (#1988)
* fix: return default language file, if requested lang doesnt exists
* feat: read default translation file
* feat: docs
* fix: race condition in auth request unmarshalling (#1993)
* feat: handle ui_locales in login (#1994)
* fix: handle ui_locales in login
* move supportedlanguage func into i18n package
* update oidc pkg
* fix: handle closed channels on unsubscribe (#1995)
* fix: give restore more time (#1997)
* fix: translation file read (#2009)
* feat: translation file read
* feat: readme
* fix: enable idp add button for iam users (#2010)
* fix: filter event_data (#2011)
* feat: Custom message files (#1992)
* feat: add get custom message text to admin api
* feat: read custom message texts from files
* feat: get languages in apis
* feat: get languages in apis
* feat: get languages in apis
* feat: pr feedback
* feat: docs
* feat: merge main
* fix: sms notification (#2013)
* fix: phone verifications
* feat: fix password reset as sms
* fix: phone verification
* fix: grpc status in sentry and validation interceptors (#2012)
* fix: remove oauth endpoints from oidc config proto (#2014)
* try with view
* fix(console): disable sw (#2021)
* fix: disable sw
* angular.json disable sw
* project projections
* fix typos
* customize projections
* customizable projections,
add change date to projects
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
* env file
* typo
* correct users
* correct migration
* fix: merge fail
* fix test
* fix(tests): unordered matcher
* improve currentSequenceMatcher
* correct certs
* correct certs
* add zitadel database on database list
* refctor switch in match
* enable all handlers
* Delete io.env
* cleanup
* add handlers
* rename view to projection
* rename view to projection
* fix type typo
* remove unnecessary logs
* refactor stmts
* simplify interval calculation
* fix tests
* fix unlock test
* fix migration
* migs
* fix(operator): update cockroach and flyway versions (#2138)
* chore(deps): bump k8s.io/apiextensions-apiserver from 0.19.2 to 0.21.3
Bumps [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver) from 0.19.2 to 0.21.3.
- [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases)
- [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.19.2...v0.21.3)
---
updated-dependencies:
- dependency-name: k8s.io/apiextensions-apiserver
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* chore(deps): bump google.golang.org/api from 0.34.0 to 0.52.0
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.34.0 to 0.52.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/master/CHANGES.md)
- [Commits](https://github.com/googleapis/google-api-go-client/compare/v0.34.0...v0.52.0)
---
updated-dependencies:
- dependency-name: google.golang.org/api
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* start update dependencies
* update mods and otlp
* fix(build): update to go 1.16
* old version for k8s mods
* update k8s versions
* update orbos
* fix(operator): update cockroach and flyway version
* Update images.go
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
* fix import
* fix typo
* fix(migration): add org projection
* fix(projection): correct table for org events in org owners
* better insert stmt
* fix typo
* fix typo
* set max connection lifetime
* set max conns and conn lifetime in eventstore v1
* configure sql connection settings
* add mig for agg type index
* fix replace tab in yaml
* handler interfaces
* subscription
* first try
* handler
* move sql client initialization
* first part implemented
* removed all occurencies of org by id and search orgs
* fix merge issues
* cleanup code
* fix: queries implements orgviewprovider
* cleanup
* refactor text comparison
* remove unused file
* remove unused code
* log
* remove unused code
* remove unused field
* remove unused file
* refactor
* tests for search query
* remove try
* simplify state change mappers
* projection tests
* query functions
* move reusable objects to separate files
* rename domain column to primar_domain
* fix tests
* add current sequence
* remove log prints
* fix tests
* fix: verifier
* fix test
* rename domain col migrations
* simplify search response
* add custom column constructors
* fix: org projection table const
* fix: full column name
* feat: text query extension
* fix: tests for query
* number query
* add deprection message
* column in a single place (#2416)
* column in a single place
* use projection for columns
* query column with aliases
* rename methods
* remove unused code
* column for current sequences
* global counter column
* fix is org unique
* fix: merge main and change actions / flow projections to new query side (#2434)
* feat: actions (#2377)
* feat(actions): begin api
* feat(actions): begin api
* api and projections
* fix: handle multiple statements for a single event in projections
* export func type
* fix test
* update to new reduce interface
* flows in login
* feat: jwt idp
* feat: command side
* feat: add tests
* actions and flows
* fill idp views with jwt idps and return apis
* add jwtEndpoint to jwt idp
* begin jwt request handling
* add feature
* merge
* merge
* handle jwt idp
* cleanup
* bug fixes
* autoregister
* get token from specific header name
* fix: proto
* fixes
* i18n
* begin tests
* fix and log http proxy
* remove docker cache
* fixes
* usergrants in actions api
* tests adn cleanup
* cleanup
* fix add user grant
* set login context
* i18n
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* change actions / flow projections to new query side
* fixes
* enable org projection
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
* fixes
* cleanup
* add tests
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Amstutz <livio.a@gmail.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: mffap <mpa@caos.ch>
Co-authored-by: Maximilian Panne <maximilian.panne@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Christian Jakob <47860090+thesephirot@users.noreply.github.com>
Co-authored-by: Elio Bischof <eliobischof@gmail.com>
Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: fabi <fabienne.gerschwiler@gmail.com>
2021-09-29 11:20:57 +00:00
|
|
|
}
|
2023-02-15 01:52:11 +00:00
|
|
|
|
|
|
|
api.grpcServer = server.CreateServer(api.verifier, authZ, queries, http2HostName, tlsConfig, accessSvc)
|
2023-04-11 13:37:42 +00:00
|
|
|
api.grpcGateway, err = server.CreateGateway(ctx, port, http1HostName)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
api.registerHealthServer()
|
2022-02-14 16:22:30 +00:00
|
|
|
|
2023-04-11 13:37:42 +00:00
|
|
|
api.RegisterHandlerOnPrefix("/debug", api.healthHandler())
|
2022-11-09 07:19:05 +00:00
|
|
|
api.router.Handle("/", http.RedirectHandler(login.HandlerPrefix, http.StatusFound))
|
2020-07-08 11:56:37 +00:00
|
|
|
|
2023-04-14 13:34:12 +00:00
|
|
|
reflection.Register(api.grpcServer)
|
2023-04-11 13:37:42 +00:00
|
|
|
return api, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// RegisterServer registers a grpc service on the grpc server,
|
|
|
|
// creates a new grpc gateway and registers it as a separate http handler
|
|
|
|
//
|
|
|
|
// used for v1 api (system, admin, mgmt, auth)
|
|
|
|
func (a *API) RegisterServer(ctx context.Context, grpcServer server.WithGatewayPrefix) error {
|
|
|
|
grpcServer.RegisterServer(a.grpcServer)
|
|
|
|
handler, prefix, err := server.CreateGatewayWithPrefix(ctx, grpcServer, a.port, a.http1HostName)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
a.RegisterHandlerOnPrefix(prefix, handler)
|
|
|
|
a.verifier.RegisterServer(grpcServer.AppName(), grpcServer.MethodPrefix(), grpcServer.AuthMethods())
|
|
|
|
a.healthServer.SetServingStatus(grpcServer.MethodPrefix(), healthpb.HealthCheckResponse_SERVING)
|
|
|
|
return nil
|
2020-07-08 11:56:37 +00:00
|
|
|
}
|
|
|
|
|
2023-04-11 13:37:42 +00:00
|
|
|
// RegisterService registers a grpc service on the grpc server,
|
|
|
|
// and its gateway on the gateway handler
|
|
|
|
//
|
|
|
|
// used for >= v2 api (e.g. user, session, ...)
|
|
|
|
func (a *API) RegisterService(ctx context.Context, grpcServer server.Server) error {
|
2022-02-14 16:22:30 +00:00
|
|
|
grpcServer.RegisterServer(a.grpcServer)
|
2023-04-11 13:37:42 +00:00
|
|
|
err := server.RegisterGateway(ctx, a.grpcGateway, grpcServer)
|
2022-02-14 16:22:30 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-05-30 11:38:30 +00:00
|
|
|
a.verifier.RegisterServer(grpcServer.AppName(), grpcServer.MethodPrefix(), grpcServer.AuthMethods())
|
2023-04-11 13:37:42 +00:00
|
|
|
a.healthServer.SetServingStatus(grpcServer.MethodPrefix(), healthpb.HealthCheckResponse_SERVING)
|
2022-02-14 16:22:30 +00:00
|
|
|
return nil
|
2020-07-08 11:56:37 +00:00
|
|
|
}
|
|
|
|
|
2023-04-19 08:46:02 +00:00
|
|
|
// HandleFunc allows registering a [http.HandlerFunc] on an exact
|
|
|
|
// path, instead of prefix like RegisterHandlerOnPrefix.
|
|
|
|
func (a *API) HandleFunc(path string, f http.HandlerFunc) {
|
|
|
|
a.router.HandleFunc(path, f)
|
|
|
|
}
|
|
|
|
|
2023-04-11 13:37:42 +00:00
|
|
|
// RegisterHandlerOnPrefix registers a http handler on a path prefix
|
|
|
|
// the prefix will not be passed to the actual handler
|
|
|
|
func (a *API) RegisterHandlerOnPrefix(prefix string, handler http.Handler) {
|
2022-02-14 16:22:30 +00:00
|
|
|
prefix = strings.TrimSuffix(prefix, "/")
|
2022-04-26 10:13:16 +00:00
|
|
|
subRouter := a.router.PathPrefix(prefix).Name(prefix).Subrouter()
|
|
|
|
subRouter.PathPrefix("").Handler(http.StripPrefix(prefix, handler))
|
2022-02-14 16:22:30 +00:00
|
|
|
}
|
|
|
|
|
2023-04-11 13:37:42 +00:00
|
|
|
// RegisterHandlerPrefixes registers a http handler on a multiple path prefixes
|
|
|
|
// the prefix will remain when calling the actual handler
|
|
|
|
func (a *API) RegisterHandlerPrefixes(handler http.Handler, prefixes ...string) {
|
|
|
|
for _, prefix := range prefixes {
|
|
|
|
prefix = strings.TrimSuffix(prefix, "/")
|
|
|
|
subRouter := a.router.PathPrefix(prefix).Name(prefix).Subrouter()
|
|
|
|
subRouter.PathPrefix("").Handler(handler)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (a *API) registerHealthServer() {
|
|
|
|
healthServer := health.NewServer()
|
|
|
|
healthpb.RegisterHealthServer(a.grpcServer, healthServer)
|
|
|
|
a.healthServer = healthServer
|
|
|
|
}
|
|
|
|
|
|
|
|
func (a *API) RouteGRPC() {
|
2022-04-27 11:10:44 +00:00
|
|
|
http2Route := a.router.
|
2022-02-14 16:22:30 +00:00
|
|
|
MatcherFunc(func(r *http.Request, _ *mux.RouteMatch) bool {
|
|
|
|
return r.ProtoMajor == 2
|
|
|
|
}).
|
2023-04-11 13:37:42 +00:00
|
|
|
Subrouter().
|
|
|
|
Name("grpc")
|
2022-04-27 11:10:44 +00:00
|
|
|
http2Route.
|
|
|
|
Methods(http.MethodPost).
|
|
|
|
Headers("Content-Type", "application/grpc").
|
|
|
|
Handler(a.grpcServer)
|
2022-02-14 16:22:30 +00:00
|
|
|
|
2023-03-08 18:33:43 +00:00
|
|
|
a.routeGRPCWeb()
|
2023-04-11 13:37:42 +00:00
|
|
|
a.router.NewRoute().
|
|
|
|
Handler(a.grpcGateway.Handler()).
|
|
|
|
Name("grpc-gateway")
|
2020-07-08 11:56:37 +00:00
|
|
|
}
|
|
|
|
|
2023-03-08 18:33:43 +00:00
|
|
|
func (a *API) routeGRPCWeb() {
|
|
|
|
grpcWebServer := grpcweb.WrapServer(a.grpcServer,
|
|
|
|
grpcweb.WithAllowedRequestHeaders(
|
|
|
|
[]string{
|
|
|
|
http_util.Origin,
|
|
|
|
http_util.ContentType,
|
|
|
|
http_util.Accept,
|
|
|
|
http_util.AcceptLanguage,
|
|
|
|
http_util.Authorization,
|
|
|
|
http_util.ZitadelOrgID,
|
|
|
|
http_util.XUserAgent,
|
|
|
|
http_util.XGrpcWeb,
|
|
|
|
},
|
|
|
|
),
|
|
|
|
grpcweb.WithOriginFunc(func(_ string) bool {
|
|
|
|
return true
|
|
|
|
}),
|
|
|
|
)
|
2023-05-05 08:25:02 +00:00
|
|
|
a.router.Use(http_mw.RobotsTagHandler)
|
2023-03-08 18:33:43 +00:00
|
|
|
a.router.NewRoute().
|
2022-04-27 11:10:44 +00:00
|
|
|
Methods(http.MethodPost, http.MethodOptions).
|
|
|
|
MatcherFunc(
|
|
|
|
func(r *http.Request, _ *mux.RouteMatch) bool {
|
2023-03-08 18:33:43 +00:00
|
|
|
return grpcWebServer.IsGrpcWebRequest(r) || grpcWebServer.IsAcceptableGrpcCorsRequest(r)
|
2022-04-27 11:10:44 +00:00
|
|
|
}).
|
2023-04-11 13:37:42 +00:00
|
|
|
Handler(grpcWebServer).
|
|
|
|
Name("grpc-web")
|
2020-07-08 11:56:37 +00:00
|
|
|
}
|
2020-08-18 08:04:56 +00:00
|
|
|
|
|
|
|
func (a *API) healthHandler() http.Handler {
|
|
|
|
checks := []ValidationFunction{
|
|
|
|
func(ctx context.Context) error {
|
|
|
|
if err := a.health.Health(ctx); err != nil {
|
|
|
|
return errors.ThrowInternal(err, "API-F24h2", "DB CONNECTION ERROR")
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
},
|
|
|
|
}
|
|
|
|
handler := http.NewServeMux()
|
|
|
|
handler.HandleFunc("/healthz", handleHealth)
|
|
|
|
handler.HandleFunc("/ready", handleReadiness(checks))
|
2020-11-20 09:09:17 +00:00
|
|
|
handler.HandleFunc("/validate", handleValidate(checks))
|
2022-07-18 08:42:32 +00:00
|
|
|
handler.Handle("/metrics", metricsExporter())
|
2020-08-18 08:04:56 +00:00
|
|
|
|
|
|
|
return handler
|
|
|
|
}
|
|
|
|
|
|
|
|
func handleHealth(w http.ResponseWriter, r *http.Request) {
|
|
|
|
_, err := w.Write([]byte("ok"))
|
2022-02-14 16:22:30 +00:00
|
|
|
logging.WithFields("traceID", tracing.TraceIDFromCtx(r.Context())).OnError(err).Error("error writing ok for health")
|
2020-08-18 08:04:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func handleReadiness(checks []ValidationFunction) func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
2022-02-14 16:22:30 +00:00
|
|
|
errs := validate(r.Context(), checks)
|
|
|
|
if len(errs) == 0 {
|
feat: policies on aggregates (#799)
* feat: move pw policy
* feat: default pw complexity policy
* fix: org password complexity policy
* fix: org password complexity policy
* fix: pw complexity policy with setup
* fix: age and lockout policies on aggregates
* fix: migration
* fix: org iam policy
* fix: org iam policy
* fix: org iam policy
* fix: tests
* fix: policy request
* fix: merge master
* fix(console): policies frontend (#817)
* fix policy build
* fix: age, complexity, lockout policies
* fix: ready return err of setup not done
* fix: fix remove policies in spoolers
* fix: fix remove policies in spoolers
* feat(console): policy settings for iam and org (#824)
* fix policy build
* fix: age, complexity, lockout policies
* fix pwd complexity
* policy remove action
* add imports
* fix accounts card, enable mgmt login policy
* lint
* add iam policy to admin
* toasts, i18n, show default
* routing, i18n
* reset policy, toast i18n, cleanup, routing
* policy delete permission
* lint style
* delete iam policy
* delete non project from grid list, i18n
* lint ts, style
* fix: remove instead delete
* feat(console): delete external idp from user (#835)
* dialog i18n, delete column and function
* dialog i18n
* fix rm button
* Update console/src/assets/i18n/de.json
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* Update console/src/assets/i18n/de.json
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* fix: revert env, rename policy, remove comments
* fix: lowercase sich
* fix: pr requests
* Update internal/iam/repository/eventsourcing/eventstore_test.go
Co-authored-by: Silvan <silvan.reusser@gmail.com>
* fix: tests
* fix: tests
* fix(console): policies (#839)
* fix: nil pointer on get userdata (#815)
* fix: external login (#818)
* fix: external login
* fix: external login
* feat(console): delete user (#819)
* add action col to user table, i18n
* delete user from detail component
* lint
* fix(console): cleanup user detail and member components, user/me redirect, permission guards, filter, org policy guard, user table, scss cleanup (#808)
* fix: remove user.write guard for filtering
* border color
* fix user routing from member tables
* idp detail layout
* generic contact component
* fix redirect to auth user, user grant disable
* disable policy action without permission, i18n
* user-create flex fix, contact ng-content
* rm unused styles
* sidenav divider
* lint
* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console (#806)
* fix: user session with external login (#797)
* fix: user session with external login
* fix: tests
* fix: tests
* fix: change idp config name
* fix(container): stop copying / and instead only copy zitadel (#691)
* chore: stop copying / and instead only copy zitadel
* Update Dockerfile
* Update release.yml
* enable anchors debug
* fix(container): don't copy alpine content into scratch execpt pwd
* chore: remove need step
* merge master
* chore(deps-dev): bump @angular/cli from 10.1.3 to 10.1.4 in /console
Bumps [@angular/cli](https://github.com/angular/angular-cli) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/compare/v10.1.3...v10.1.4)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular/language-service from 10.1.3 to 10.1.4 in /console (#805)
* fix: user session with external login (#797)
* fix: user session with external login
* fix: tests
* fix: tests
* fix: change idp config name
* fix(container): stop copying / and instead only copy zitadel (#691)
* chore: stop copying / and instead only copy zitadel
* Update Dockerfile
* Update release.yml
* enable anchors debug
* fix(container): don't copy alpine content into scratch execpt pwd
* chore: remove need step
* merge master
* chore(deps-dev): bump @angular/language-service in /console
Bumps [@angular/language-service](https://github.com/angular/angular/tree/HEAD/packages/language-service) from 10.1.3 to 10.1.4.
- [Release notes](https://github.com/angular/angular/releases)
- [Changelog](https://github.com/angular/angular/blob/master/CHANGELOG.md)
- [Commits](https://github.com/angular/angular/commits/10.1.4/packages/language-service)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console (#804)
* fix: user session with external login (#797)
* fix: user session with external login
* fix: tests
* fix: tests
* fix: change idp config name
* fix(container): stop copying / and instead only copy zitadel (#691)
* chore: stop copying / and instead only copy zitadel
* Update Dockerfile
* Update release.yml
* enable anchors debug
* fix(container): don't copy alpine content into scratch execpt pwd
* chore: remove need step
* merge master
* chore(deps-dev): bump codelyzer from 6.0.0 to 6.0.1 in /console
Bumps [codelyzer](https://github.com/mgechev/codelyzer) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/mgechev/codelyzer/releases)
- [Changelog](https://github.com/mgechev/codelyzer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mgechev/codelyzer/commits/6.0.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* chore(deps-dev): bump @angular-devkit/build-angular from 0.1000.8 to 0.1001.4 in /console (#803)
* fix: user session with external login (#797)
* fix: user session with external login
* fix: tests
* fix: tests
* fix: change idp config name
* fix(container): stop copying / and instead only copy zitadel (#691)
* chore: stop copying / and instead only copy zitadel
* Update Dockerfile
* Update release.yml
* enable anchors debug
* fix(container): don't copy alpine content into scratch execpt pwd
* chore: remove need step
* merge master
* chore(deps-dev): bump @angular-devkit/build-angular in /console
Bumps [@angular-devkit/build-angular](https://github.com/angular/angular-cli) from 0.1000.8 to 0.1001.4.
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Commits](https://github.com/angular/angular-cli/commits)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Max Peintner <max@caos.ch>
* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console (#802)
* fix: user session with external login (#797)
* fix: user session with external login
* fix: tests
* fix: tests
* fix: change idp config name
* fix(container): stop copying / and instead only copy zitadel (#691)
* chore: stop copying / and instead only copy zitadel
* Update Dockerfile
* Update release.yml
* enable anchors debug
* fix(container): don't copy alpine content into scratch execpt pwd
* chore: remove need step
* merge master
* chore(deps): bump uuid from 8.3.0 to 8.3.1 in /console
Bumps [uuid](https://github.com/uuidjs/uuid) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uuidjs/uuid/compare/v8.3.0...v8.3.1)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* create memberstable as common component
* iam member cleanup
* iam + org m table, user table service user avatar
* toast config
* fix selection emitter
* fix project grant table width
* project grant members refactor
* theme optimizations
* member table col delete
* lint
* fix table row color
* refactor grey color
* lint scss
* org list redirect on click, fix user table undef
* refresh table after grant add
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
* fix(console): intercept navigator.language, set browser lang as default for user without explicit setting, user table outline, member create dialog import (#820)
* i18n interceptor, set language to browser lang
* nullcheck
* rm external idp log
* fix module imports, rm user displayname from i18n
* Update console/src/assets/i18n/de.json
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
* fix: delete external idps from users (#822)
* fix(console): permission regex, account switcher null check, restrict app and member create access (#821)
* fix member table disable, gerneal regexp
* fix user session card, app disable
* memberships max count
* fix policy permissions
* permission check for member add dialog
* lint
* rm accounts log
* rm id regex
* fix: handle usermemberships on project and project grant delete (#825)
* fix: go handler
Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
* fix: tests
* fix: not needed error handling
Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Silvan <silvan.reusser@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Florian Forster <florian@caos.ch>
2020-10-15 08:27:13 +00:00
|
|
|
http_util.MarshalJSON(w, "ok", nil, http.StatusOK)
|
2020-08-18 08:04:56 +00:00
|
|
|
return
|
|
|
|
}
|
2022-02-14 16:22:30 +00:00
|
|
|
http_util.MarshalJSON(w, nil, errs[0], http.StatusPreconditionFailed)
|
2020-11-20 09:09:17 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func handleValidate(checks []ValidationFunction) func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
2022-02-14 16:22:30 +00:00
|
|
|
errs := validate(r.Context(), checks)
|
|
|
|
if len(errs) == 0 {
|
2020-11-20 09:09:17 +00:00
|
|
|
http_util.MarshalJSON(w, "ok", nil, http.StatusOK)
|
|
|
|
return
|
|
|
|
}
|
2022-02-14 16:22:30 +00:00
|
|
|
http_util.MarshalJSON(w, errs, nil, http.StatusOK)
|
2020-08-18 08:04:56 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type ValidationFunction func(ctx context.Context) error
|
|
|
|
|
2020-11-20 09:09:17 +00:00
|
|
|
func validate(ctx context.Context, validations []ValidationFunction) []error {
|
2022-02-14 16:22:30 +00:00
|
|
|
errs := make([]error, 0)
|
2020-08-18 08:04:56 +00:00
|
|
|
for _, validation := range validations {
|
|
|
|
if err := validation(ctx); err != nil {
|
2022-02-14 16:22:30 +00:00
|
|
|
logging.WithFields("traceID", tracing.TraceIDFromCtx(ctx)).WithError(err).Error("validation failed")
|
|
|
|
errs = append(errs, err)
|
2020-08-18 08:04:56 +00:00
|
|
|
}
|
|
|
|
}
|
2022-02-14 16:22:30 +00:00
|
|
|
return errs
|
2020-08-18 08:04:56 +00:00
|
|
|
}
|
2022-07-18 08:42:32 +00:00
|
|
|
|
|
|
|
func metricsExporter() http.Handler {
|
|
|
|
exporter := metrics.GetExporter()
|
|
|
|
if exporter == nil {
|
|
|
|
return http.NotFoundHandler()
|
|
|
|
}
|
|
|
|
return exporter
|
|
|
|
}
|